babadeda | hxxps://gitlab[.]com/Binayak7/golden/-/raw/main/Cloud_Stx2[.]msi?inline=false

Analysis

max time kernel
146s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20220901-en
resource tags

arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
submitted
13-09-2022 13:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://gitlab.com/Binayak7/golden/-/raw/main/Cloud_Stx2.msi?inline=false

Score

10^/10

babadeda crypter loader

Malware Config

Signatures

Babadeda
Babadeda is a crypter delivered as a legitimate installer and used to drop other malware families.
loader crypter babadeda

Babadeda Crypter 3 IoCs

resource	yara_rule
behavioral2/files/0x0001000000022e07-189.dat	family_babadeda
behavioral2/memory/3536-200-0x000000000C860000-0x000000000FD60000-memory.dmp	family_babadeda
behavioral2/memory/3536-209-0x000000000C860000-0x000000000FD60000-memory.dmp	family_babadeda

Executes dropped EXE 1 IoCs

pid	Process
3536	Snapseed.exe

Loads dropped DLL 33 IoCs

pid	Process
1008	MsiExec.exe
1008	MsiExec.exe
1008	MsiExec.exe
1008	MsiExec.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
3536	Snapseed.exe
1832	MsiExec.exe
1832	MsiExec.exe
1832	MsiExec.exe
1832	MsiExec.exe

Enumerates connected drives 3 TTPs 64 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe

Maps connected drives based on registry 3 TTPs 2 IoCs

Disk information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum	Snapseed.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\disk\Enum\0	Snapseed.exe

Drops file in Windows directory 17 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI2ADB.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2B78.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\SourceHash{A60B1EA0-DE80-4E30-8B4B-0A76E4EA6086}	msiexec.exe
File created	C:\Windows\Installer\e572677.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e572677.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5015.tmp	msiexec.exe
File created	C:\Windows\Installer\e572674.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2F03.tmp	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI2A0E.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI50E2.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e572674.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI28C5.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI4F0A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI5074.tmp	msiexec.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 89be75672cbed801	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3732833469"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "30984049"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{09FEA45E-3365-11ED-A0EE-426B8B52D88D} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\RepId\PublicId = "{41AD5927-8A54-4651-8EE4-8202E50B4965}"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "30984049"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\RepId	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3732833469"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "369839434"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-929662420-1054238289-2961194603-1000_Classes\Local Settings	iexplore.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
3860	msiexec.exe
3860	msiexec.exe
3860	msiexec.exe
3860	msiexec.exe
3860	msiexec.exe
3860	msiexec.exe
3860	msiexec.exe
3860	msiexec.exe
2796	msiexec.exe
2796	msiexec.exe
2796	msiexec.exe
2796	msiexec.exe
2796	msiexec.exe
2796	msiexec.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3924	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3924	msiexec.exe
Token: SeSecurityPrivilege	3860	msiexec.exe
Token: SeCreateTokenPrivilege	3924	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3924	msiexec.exe
Token: SeLockMemoryPrivilege	3924	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3924	msiexec.exe
Token: SeMachineAccountPrivilege	3924	msiexec.exe
Token: SeTcbPrivilege	3924	msiexec.exe
Token: SeSecurityPrivilege	3924	msiexec.exe
Token: SeTakeOwnershipPrivilege	3924	msiexec.exe
Token: SeLoadDriverPrivilege	3924	msiexec.exe
Token: SeSystemProfilePrivilege	3924	msiexec.exe
Token: SeSystemtimePrivilege	3924	msiexec.exe
Token: SeProfSingleProcessPrivilege	3924	msiexec.exe
Token: SeIncBasePriorityPrivilege	3924	msiexec.exe
Token: SeCreatePagefilePrivilege	3924	msiexec.exe
Token: SeCreatePermanentPrivilege	3924	msiexec.exe
Token: SeBackupPrivilege	3924	msiexec.exe
Token: SeRestorePrivilege	3924	msiexec.exe
Token: SeShutdownPrivilege	3924	msiexec.exe
Token: SeDebugPrivilege	3924	msiexec.exe
Token: SeAuditPrivilege	3924	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3924	msiexec.exe
Token: SeChangeNotifyPrivilege	3924	msiexec.exe
Token: SeRemoteShutdownPrivilege	3924	msiexec.exe
Token: SeUndockPrivilege	3924	msiexec.exe
Token: SeSyncAgentPrivilege	3924	msiexec.exe
Token: SeEnableDelegationPrivilege	3924	msiexec.exe
Token: SeManageVolumePrivilege	3924	msiexec.exe
Token: SeImpersonatePrivilege	3924	msiexec.exe
Token: SeCreateGlobalPrivilege	3924	msiexec.exe
Token: SeRestorePrivilege	3860	msiexec.exe
Token: SeTakeOwnershipPrivilege	3860	msiexec.exe
Token: SeRestorePrivilege	3860	msiexec.exe
Token: SeTakeOwnershipPrivilege	3860	msiexec.exe
Token: SeRestorePrivilege	3860	msiexec.exe
Token: SeTakeOwnershipPrivilege	3860	msiexec.exe
Token: SeRestorePrivilege	3860	msiexec.exe
Token: SeTakeOwnershipPrivilege	3860	msiexec.exe
Token: SeRestorePrivilege	3860	msiexec.exe
Token: SeTakeOwnershipPrivilege	3860	msiexec.exe
Token: SeRestorePrivilege	3860	msiexec.exe
Token: SeTakeOwnershipPrivilege	3860	msiexec.exe
Token: SeRestorePrivilege	3860	msiexec.exe
Token: SeTakeOwnershipPrivilege	3860	msiexec.exe
Token: SeRestorePrivilege	3860	msiexec.exe
Token: SeTakeOwnershipPrivilege	3860	msiexec.exe
Token: SeShutdownPrivilege	2796	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2796	msiexec.exe
Token: SeCreateTokenPrivilege	2796	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	2796	msiexec.exe
Token: SeLockMemoryPrivilege	2796	msiexec.exe
Token: SeIncreaseQuotaPrivilege	2796	msiexec.exe
Token: SeMachineAccountPrivilege	2796	msiexec.exe
Token: SeTcbPrivilege	2796	msiexec.exe
Token: SeSecurityPrivilege	2796	msiexec.exe
Token: SeTakeOwnershipPrivilege	2796	msiexec.exe
Token: SeLoadDriverPrivilege	2796	msiexec.exe
Token: SeSystemProfilePrivilege	2796	msiexec.exe
Token: SeSystemtimePrivilege	2796	msiexec.exe
Token: SeProfSingleProcessPrivilege	2796	msiexec.exe
Token: SeIncBasePriorityPrivilege	2796	msiexec.exe
Token: SeCreatePagefilePrivilege	2796	msiexec.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
4344	iexplore.exe
4344	iexplore.exe
3924	msiexec.exe
3924	msiexec.exe
2796	msiexec.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4344	iexplore.exe
4344	iexplore.exe
3188	IEXPLORE.EXE
3188	IEXPLORE.EXE
3536	Snapseed.exe
3536	Snapseed.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 4344 wrote to memory of 3188	4344	iexplore.exe	84
PID 4344 wrote to memory of 3188	4344	iexplore.exe	84
PID 4344 wrote to memory of 3188	4344	iexplore.exe	84
PID 4344 wrote to memory of 3924	4344	iexplore.exe	93
PID 4344 wrote to memory of 3924	4344	iexplore.exe	93
PID 3860 wrote to memory of 1008	3860	msiexec.exe	97
PID 3860 wrote to memory of 1008	3860	msiexec.exe	97
PID 3860 wrote to memory of 1008	3860	msiexec.exe	97
PID 3860 wrote to memory of 3536	3860	msiexec.exe	98
PID 3860 wrote to memory of 3536	3860	msiexec.exe	98
PID 3860 wrote to memory of 3536	3860	msiexec.exe	98
PID 4344 wrote to memory of 2796	4344	iexplore.exe	106
PID 4344 wrote to memory of 2796	4344	iexplore.exe	106
PID 3860 wrote to memory of 1832	3860	msiexec.exe	107
PID 3860 wrote to memory of 1832	3860	msiexec.exe	107
PID 3860 wrote to memory of 1832	3860	msiexec.exe	107

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://gitlab.com/Binayak7/golden/-/raw/main/Cloud_Stx2.msi?inline=false
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4344
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4344 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:3188
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\Cloud_Stx2.msi"
  2⤵
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:3924
- C:\Windows\System32\msiexec.exe
  "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\Cloud_Stx2.msi"
  2⤵
  - Enumerates connected drives
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2796

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3860
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 228A2648D8B02A57CF253134EECC9DA8
  2⤵
  - Loads dropped DLL
  PID:1008
- C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\Snapseed.exe
  "C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\Snapseed.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Maps connected drives based on registry
  - Suspicious use of SetWindowsHookEx
  PID:3536
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 0C5D4B784C72B94FACEDF56980092C70
  2⤵
  - Loads dropped DLL
  PID:1832

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\ColorManager.dll

Filesize
372KB

MD5
4baa06b1ef7109ac18dc9e58a8652ebd

SHA1
41ce03b95114dca46675e096433782fa966dd347

SHA256
78478a574bfce81b4e7742d36fd6012b1b4b9a2d3c45a70c84233bbd4f8c7b4f

SHA512
ce64fdd20e2341271283b6e186114dd3ba2993ce8dd30d7875705922f19f33a96e9f4049d880c03bc62aab9ed57d3af7cf42fd7233cfee9dfc943ea2e088804f

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\ColorManager.dll

Filesize
372KB

MD5
4baa06b1ef7109ac18dc9e58a8652ebd

SHA1
41ce03b95114dca46675e096433782fa966dd347

SHA256
78478a574bfce81b4e7742d36fd6012b1b4b9a2d3c45a70c84233bbd4f8c7b4f

SHA512
ce64fdd20e2341271283b6e186114dd3ba2993ce8dd30d7875705922f19f33a96e9f4049d880c03bc62aab9ed57d3af7cf42fd7233cfee9dfc943ea2e088804f

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\MemoryManager.dll

Filesize
88KB

MD5
c3a3da9888b3f07002545e959efb13ef

SHA1
3d2e85190eaca92a28134f595e076d6f5a458318

SHA256
f675df6678ae72ff5673d5348e8d186a6a76e0b64a18ad92e57f258d719ee357

SHA512
01a772561db90a76e7edc3f1b378fdd0ffab7c51b83efd65122bfeafdbf2c7273b86176508911873002b9fc196f5956c5d89c1f8168ef624d99574bc2dd592f6

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\MemoryManager.dll

Filesize
88KB

MD5
c3a3da9888b3f07002545e959efb13ef

SHA1
3d2e85190eaca92a28134f595e076d6f5a458318

SHA256
f675df6678ae72ff5673d5348e8d186a6a76e0b64a18ad92e57f258d719ee357

SHA512
01a772561db90a76e7edc3f1b378fdd0ffab7c51b83efd65122bfeafdbf2c7273b86176508911873002b9fc196f5956c5d89c1f8168ef624d99574bc2dd592f6

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\Snapseed.exe

Filesize
9.3MB

MD5
8afc00988751cfd7ad1669e412f0589a

SHA1
5c5ac38c2e070a4c14fdc873cd6f1a858ea633d9

SHA256
bba4fc0d9e6471dd5e3ca23096883574bc721f727fc1e47ba283c404958007ab

SHA512
2bea08d52a09c5d4db552b3ca4d4f685c714e165f2de6b7582a39485cc4d5f049f5264cf2b36cc11c9ff92730964718f5e07510a53fe29194bdffd9d028498ff

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\Snapseed.exe

Filesize
9.3MB

MD5
8afc00988751cfd7ad1669e412f0589a

SHA1
5c5ac38c2e070a4c14fdc873cd6f1a858ea633d9

SHA256
bba4fc0d9e6471dd5e3ca23096883574bc721f727fc1e47ba283c404958007ab

SHA512
2bea08d52a09c5d4db552b3ca4d4f685c714e165f2de6b7582a39485cc4d5f049f5264cf2b36cc11c9ff92730964718f5e07510a53fe29194bdffd9d028498ff

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\base.dll

Filesize
3.1MB

MD5
0352aebd6674fdaf9688caae374259e8

SHA1
5616247621cb5ca336242d450f1c0cdf89f49fce

SHA256
7a454f18e0112874b65ef9eb27f7d2f1a9de5ee6af7fb0db39bce0e45d78c135

SHA512
3bffbbe1ca78b7da644d9aadd7c94653928cf52d0aa78682e8cdfd6c438c93d5002a9c2b56b4001241a369642cd7cae94f3778db6ac2adad5f11ad1fa3ea565b

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\base.dll

Filesize
3.1MB

MD5
0352aebd6674fdaf9688caae374259e8

SHA1
5616247621cb5ca336242d450f1c0cdf89f49fce

SHA256
7a454f18e0112874b65ef9eb27f7d2f1a9de5ee6af7fb0db39bce0e45d78c135

SHA512
3bffbbe1ca78b7da644d9aadd7c94653928cf52d0aa78682e8cdfd6c438c93d5002a9c2b56b4001241a369642cd7cae94f3778db6ac2adad5f11ad1fa3ea565b

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\brotlicommon.dll

Filesize
132KB

MD5
0e868ec6a67e491d43ca20ed71c8345d

SHA1
b45397b8bafa891a04476f7ffa55fb5bba0e57b9

SHA256
441039fe954cfb6e3545aeca5d5750b7e3322eb9efc633508cca1dbefb26b24b

SHA512
45e6588671c65ef5eb39abd5f6db790bf1bc8414bfa9073cc9cbbd2bdcd6b9f82a4c6ba47a059521836c34c0504b86b6aa51a19a12317084459d6a6c544829b0

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\brotlicommon.dll

Filesize
132KB

MD5
0e868ec6a67e491d43ca20ed71c8345d

SHA1
b45397b8bafa891a04476f7ffa55fb5bba0e57b9

SHA256
441039fe954cfb6e3545aeca5d5750b7e3322eb9efc633508cca1dbefb26b24b

SHA512
45e6588671c65ef5eb39abd5f6db790bf1bc8414bfa9073cc9cbbd2bdcd6b9f82a4c6ba47a059521836c34c0504b86b6aa51a19a12317084459d6a6c544829b0

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\brotlidec.dll

Filesize
42KB

MD5
1616310c08ec85ab5f0437fbf82faf84

SHA1
c65cb7266cd21f45728097009147596ca08c0a73

SHA256
d9fce48811df001c7f8fe60361f1ea270fc37df7aa73a06a853fd102317cf49d

SHA512
ddb8a547367cb40d29a5b3ae54edeb157a707d21993b4cbf5f83617d50795fe8c5235e1afe850515f5b3ddd286c5bd704c7a2fec14f5eb6998d4719e79bf9a85

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\brotlidec.dll

Filesize
42KB

MD5
1616310c08ec85ab5f0437fbf82faf84

SHA1
c65cb7266cd21f45728097009147596ca08c0a73

SHA256
d9fce48811df001c7f8fe60361f1ea270fc37df7aa73a06a853fd102317cf49d

SHA512
ddb8a547367cb40d29a5b3ae54edeb157a707d21993b4cbf5f83617d50795fe8c5235e1afe850515f5b3ddd286c5bd704c7a2fec14f5eb6998d4719e79bf9a85

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\bz2.dll

Filesize
63KB

MD5
37b38a8e9fbc70f3ed962e5720795a04

SHA1
171692daf0a136154edde6e22c791d238ae8c1d0

SHA256
f004cd4113a8d832fc4a57f0e28a9001c2fddf67b3544590dd36d0f60d0cef8c

SHA512
9d34222337bf50122c613f2132346b7dca0df51990921ff0c7372463f0be69a441eab18122c02e1a94c8fcaa71b533dd477282d74dbc769fb490f4d46aba2607

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\bz2.dll

Filesize
63KB

MD5
37b38a8e9fbc70f3ed962e5720795a04

SHA1
171692daf0a136154edde6e22c791d238ae8c1d0

SHA256
f004cd4113a8d832fc4a57f0e28a9001c2fddf67b3544590dd36d0f60d0cef8c

SHA512
9d34222337bf50122c613f2132346b7dca0df51990921ff0c7372463f0be69a441eab18122c02e1a94c8fcaa71b533dd477282d74dbc769fb490f4d46aba2607

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\eos.dll

Filesize
478KB

MD5
74866b0ad75e124534729ca7d97f7272

SHA1
4a887a54281038c7c7de8b31b76b3d50546a173e

SHA256
f668deb9deb8e2417e278d5397cfcc18f12ab735f37fafc4cca6dde629188d21

SHA512
8393d3957dcb7b765faa2d3092370b0c8474677102c0a6f50440bfbd93e11b1b49411af50295703f67cbe56b331c14029e9ad067153c9b1ca0828df7da56aee5

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\eos.dll

Filesize
478KB

MD5
74866b0ad75e124534729ca7d97f7272

SHA1
4a887a54281038c7c7de8b31b76b3d50546a173e

SHA256
f668deb9deb8e2417e278d5397cfcc18f12ab735f37fafc4cca6dde629188d21

SHA512
8393d3957dcb7b765faa2d3092370b0c8474677102c0a6f50440bfbd93e11b1b49411af50295703f67cbe56b331c14029e9ad067153c9b1ca0828df7da56aee5

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\filtering.dll

Filesize
4.0MB

MD5
0780fde45d90ef4977183e6fdad7365a

SHA1
418a5992a64032879bfcc6ef7971e7ef27e0f7f0

SHA256
363eb6db63fa7ae11af8a4bd085471461a9d7fde44153f7cb1f34000d700dbe5

SHA512
5cbe3ad35e9548c96d8960531e31b99b73994a065b80e6d7b8d01a374a594a53d44a8ddef544655a45290cc94ff0d8f8e2eabd74fe822847813b42b9d8b840d9

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\filtering.dll

Filesize
4.0MB

MD5
0780fde45d90ef4977183e6fdad7365a

SHA1
418a5992a64032879bfcc6ef7971e7ef27e0f7f0

SHA256
363eb6db63fa7ae11af8a4bd085471461a9d7fde44153f7cb1f34000d700dbe5

SHA512
5cbe3ad35e9548c96d8960531e31b99b73994a065b80e6d7b8d01a374a594a53d44a8ddef544655a45290cc94ff0d8f8e2eabd74fe822847813b42b9d8b840d9

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\freetype.dll

Filesize
554KB

MD5
839c270a8ba5444eebddd293c61e6333

SHA1
0fcfab6030a91c722aebea4bfd1bcbe2138c71f9

SHA256
ac40311bc17fc9eaf16f4aaf08c07d8a256e07aa4af081c9db9b552b56119e6e

SHA512
d34c0f4fcd77c70fa131af3ca19ed82a1d991f599ef8bf69295be25618a0c94af859a67cd80d4893ce105559a432202281ea2ee67af352878c69f8438a1e48cd

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\freetype.dll

Filesize
554KB

MD5
839c270a8ba5444eebddd293c61e6333

SHA1
0fcfab6030a91c722aebea4bfd1bcbe2138c71f9

SHA256
ac40311bc17fc9eaf16f4aaf08c07d8a256e07aa4af081c9db9b552b56119e6e

SHA512
d34c0f4fcd77c70fa131af3ca19ed82a1d991f599ef8bf69295be25618a0c94af859a67cd80d4893ce105559a432202281ea2ee67af352878c69f8438a1e48cd

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\glew32.dll

Filesize
208KB

MD5
a39dbd473034b13da00bfb49ff0ae43c

SHA1
4531b806a73716ee4821225b5ba37695387b33c2

SHA256
fa05d852bf3ffc3699783e9e4976c5460c7f604e5daad2cb803410eadb7d8a99

SHA512
a0f4a0100318ec877ae71fdfc7afe6dc41ac0d738182bd0d025fc55fff998c55f1223197f300b105990e0b9946270d89a6a9c9facd170805220c9e9ea8f349cb

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\glew32.dll

Filesize
208KB

MD5
a39dbd473034b13da00bfb49ff0ae43c

SHA1
4531b806a73716ee4821225b5ba37695387b33c2

SHA256
fa05d852bf3ffc3699783e9e4976c5460c7f604e5daad2cb803410eadb7d8a99

SHA512
a0f4a0100318ec877ae71fdfc7afe6dc41ac0d738182bd0d025fc55fff998c55f1223197f300b105990e0b9946270d89a6a9c9facd170805220c9e9ea8f349cb

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\gui.dll

Filesize
3.3MB

MD5
3c4c4681d7cc16752eb4ecaa11ea4d4f

SHA1
5971b2bf7d2076d881921a369262a0f4152852dc

SHA256
7a8f379954953a2b725786cf561fb93b93724f737d72d9e5226ec48a78b07a82

SHA512
f132e9f670a62f9fe9aa5afe3b7c21a3c3570768b4b02dedf994b7aaed329a699b4ca49ab687ff9efc2885d0946251badeadceca44b618e274047e7faed733a3

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\gui.dll

Filesize
3.3MB

MD5
3c4c4681d7cc16752eb4ecaa11ea4d4f

SHA1
5971b2bf7d2076d881921a369262a0f4152852dc

SHA256
7a8f379954953a2b725786cf561fb93b93724f737d72d9e5226ec48a78b07a82

SHA512
f132e9f670a62f9fe9aa5afe3b7c21a3c3570768b4b02dedf994b7aaed329a699b4ca49ab687ff9efc2885d0946251badeadceca44b618e274047e7faed733a3

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\guiext.dll

Filesize
4.3MB

MD5
822d2c5afb9429ab2aa1338ab1a84b75

SHA1
61015dd6aef68448ced2dc9e9af221ae8070b4ca

SHA256
ad9f20e4c9345bc6d8b343483bb7cca7da598936dd9131e0061da5dce0748e25

SHA512
2f7a26f62418096746aff594db1448e519172cf5e554eb6e777238f4fbe95683aa23e309809ff4f4449e00e563d85491c383493af69c7a035ef495183144d599

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\guiext.dll

Filesize
4.3MB

MD5
822d2c5afb9429ab2aa1338ab1a84b75

SHA1
61015dd6aef68448ced2dc9e9af221ae8070b4ca

SHA256
ad9f20e4c9345bc6d8b343483bb7cca7da598936dd9131e0061da5dce0748e25

SHA512
2f7a26f62418096746aff594db1448e519172cf5e554eb6e777238f4fbe95683aa23e309809ff4f4449e00e563d85491c383493af69c7a035ef495183144d599

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\imaging.dll

Filesize
5.6MB

MD5
d00c8b191db5ab48548709352b543efe

SHA1
ebf9f4742b8455804b7b21ceb2b1815eef1bc36d

SHA256
e216166e10177f62992822a3bd0ed2777c882534d4530e88c01484f58df38603

SHA512
cad10fd01a9dbb52beaa87bd99ee47f3827641a7e4932fe755016cabc60a3eb82dee252f6c24326cb1b9529799ccc1fb7c815a88ab4836cf67037c9edb4738d5

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\imaging.dll

Filesize
5.6MB

MD5
d00c8b191db5ab48548709352b543efe

SHA1
ebf9f4742b8455804b7b21ceb2b1815eef1bc36d

SHA256
e216166e10177f62992822a3bd0ed2777c882534d4530e88c01484f58df38603

SHA512
cad10fd01a9dbb52beaa87bd99ee47f3827641a7e4932fe755016cabc60a3eb82dee252f6c24326cb1b9529799ccc1fb7c815a88ab4836cf67037c9edb4738d5

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\libgss30.dll

Filesize
18KB

MD5
1661490e175ece1bcc7a3741a81f98b0

SHA1
8bc4d0c74c63683a951edd8c0d8c54200d05a1ac

SHA256
03b1ef42a47f8d007a5362855ed673a9141b87e0e05848eecb23ede788d7062f

SHA512
c37db2c34ce1626df517ed1347ada5631558f7d11664d8783b0a182602dbc8ec3ddb29693f4c263f835100e3502d836ef2e06b1aacc3151a9d1badef86261e3f

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\libgss30.dll

Filesize
18KB

MD5
1661490e175ece1bcc7a3741a81f98b0

SHA1
8bc4d0c74c63683a951edd8c0d8c54200d05a1ac

SHA256
03b1ef42a47f8d007a5362855ed673a9141b87e0e05848eecb23ede788d7062f

SHA512
c37db2c34ce1626df517ed1347ada5631558f7d11664d8783b0a182602dbc8ec3ddb29693f4c263f835100e3502d836ef2e06b1aacc3151a9d1badef86261e3f

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\libpng14.dll

Filesize
160KB

MD5
b35c40a45b014d7dd5e900dc119a5dd1

SHA1
ec1f1eb3369b943e7ab7844b603760a508c62523

SHA256
97d27df864ffb4a77c24e4ffd3789b53e77da52012ae2fd1e669b3d438816bee

SHA512
605e4f9a969e38f023b4fbcc140e169847546335827f08dd4c49c862e05e38cbb94cdc58a95c2af91d28ebf28c626971dd1f441afc8a1a30080b03f8d5f7059b

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\libpng14.dll

Filesize
160KB

MD5
b35c40a45b014d7dd5e900dc119a5dd1

SHA1
ec1f1eb3369b943e7ab7844b603760a508c62523

SHA256
97d27df864ffb4a77c24e4ffd3789b53e77da52012ae2fd1e669b3d438816bee

SHA512
605e4f9a969e38f023b4fbcc140e169847546335827f08dd4c49c862e05e38cbb94cdc58a95c2af91d28ebf28c626971dd1f441afc8a1a30080b03f8d5f7059b

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\libpng14.dll

Filesize
160KB

MD5
b35c40a45b014d7dd5e900dc119a5dd1

SHA1
ec1f1eb3369b943e7ab7844b603760a508c62523

SHA256
97d27df864ffb4a77c24e4ffd3789b53e77da52012ae2fd1e669b3d438816bee

SHA512
605e4f9a969e38f023b4fbcc140e169847546335827f08dd4c49c862e05e38cbb94cdc58a95c2af91d28ebf28c626971dd1f441afc8a1a30080b03f8d5f7059b

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\libpng16.dll

Filesize
162KB

MD5
8bb4c17afdeadb4c81da2f407dcb9809

SHA1
ce2bb6eddedf31e9dee7e43d4535250da442e852

SHA256
1ceae383d27ef1b45d19f7bff2ab8fe02d553c861342ac8c2d6a32f9a6c1b825

SHA512
b944a4b1e0e9a3b5418169429810c8933910bcdfe13b87d01027d0a4786ca7ddd44b4540da07a09b9a56a196f7681d31a878b72766991fa3dddc5221bfee82bd

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\libpng16.dll

Filesize
162KB

MD5
8bb4c17afdeadb4c81da2f407dcb9809

SHA1
ce2bb6eddedf31e9dee7e43d4535250da442e852

SHA256
1ceae383d27ef1b45d19f7bff2ab8fe02d553c861342ac8c2d6a32f9a6c1b825

SHA512
b944a4b1e0e9a3b5418169429810c8933910bcdfe13b87d01027d0a4786ca7ddd44b4540da07a09b9a56a196f7681d31a878b72766991fa3dddc5221bfee82bd

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\mdb

Filesize
1.8MB

MD5
462e6f6de54812637e66628a91fc624a

SHA1
25b9fd51c9c5d6585be86ed514590fbcedd96648

SHA256
f985206df113820164f3a5634e5fe4e8769b1b98d7bd0e5f9fe9cfd245655bf0

SHA512
7053669b8f1c8e4b3f82e22ae71590ad78fcf82fec4acdfbee2e1660dbc68281698695dc2fe7cd3221f0133e7d90454e6316f8b72c16da2cfba964f9025c9725

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\metadata.dll

Filesize
982KB

MD5
e2a132f05e3bd76fc9e448b9153599b6

SHA1
37ffae2e2164996e7570a4c1d3d17b8de073acbd

SHA256
091dc816826814418e5745aab6dc35e969a1efe7ddffb2b4aad992e827c7e567

SHA512
b2b2370d316f399aabb3031bf4a509c26a5d56148183a95f2dbffeaf2b9a12881d6ce6d7eb2ba879f41671f05958bf3e56d35bff065bf511352ddc14fe5867ef

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\metadata.dll

Filesize
982KB

MD5
e2a132f05e3bd76fc9e448b9153599b6

SHA1
37ffae2e2164996e7570a4c1d3d17b8de073acbd

SHA256
091dc816826814418e5745aab6dc35e969a1efe7ddffb2b4aad992e827c7e567

SHA512
b2b2370d316f399aabb3031bf4a509c26a5d56148183a95f2dbffeaf2b9a12881d6ce6d7eb2ba879f41671f05958bf3e56d35bff065bf511352ddc14fe5867ef

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\plugin.dll

Filesize
223KB

MD5
49ba917bc43fb958144978f16275aa90

SHA1
cc4e3109a8416fc78b950fbe31a49b86d10facec

SHA256
bc0199f8353bfc3b5fb3435361b0805aada166dacc1fcef5ea432e8e0334f30d

SHA512
fe7b924bc64a08ebf9755bda610d30901a374a0d175d707a8e7d3d9c00c0e2106b371fa8d960102cbce5281ae8e397c59cf723fa94a98bcef1616e658b5b59ce

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\plugin.dll

Filesize
223KB

MD5
49ba917bc43fb958144978f16275aa90

SHA1
cc4e3109a8416fc78b950fbe31a49b86d10facec

SHA256
bc0199f8353bfc3b5fb3435361b0805aada166dacc1fcef5ea432e8e0334f30d

SHA512
fe7b924bc64a08ebf9755bda610d30901a374a0d175d707a8e7d3d9c00c0e2106b371fa8d960102cbce5281ae8e397c59cf723fa94a98bcef1616e658b5b59ce

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\plugins\defaultfhm_shared.fhm

Filesize
220KB

MD5
e8c15ea3e27b18c551e47562a599a15f

SHA1
8a95166dc4f54a8d0aafbff69a007e963df2db71

SHA256
94860f9ba968c858ca70d0f55558dae6fcb9b1cc635cf464d055ceee992138cd

SHA512
63339f57b4cccae73050dc75456f23e4018429be914d9a0cfa427de48fd37aa0308d1dfb4e882d17ae122cf3417675142c41bb4ddea6ecfe58a5584e06d86e87

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\plugins\defaultfhm_shared.fhm

Filesize
220KB

MD5
e8c15ea3e27b18c551e47562a599a15f

SHA1
8a95166dc4f54a8d0aafbff69a007e963df2db71

SHA256
94860f9ba968c858ca70d0f55558dae6fcb9b1cc635cf464d055ceee992138cd

SHA512
63339f57b4cccae73050dc75456f23e4018429be914d9a0cfa427de48fd37aa0308d1dfb4e882d17ae122cf3417675142c41bb4ddea6ecfe58a5584e06d86e87

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\plugins\jpegfhm_shared.fhm

Filesize
479KB

MD5
62c313351dd3c189cfb78e8c3c6f059d

SHA1
ab542323bbde9bab29671716afd27b0408d0403f

SHA256
1566d5e0d9f46728b4fa832003b1819f65c4917ab0c855ee6b6b8002aa84d2d1

SHA512
d035190f7c8c62164ea1ab068666d94e99beb9f896d7280779205092ccb26c1abbbe59355a88c6a8c5f88de4944e28f250af5df18bbb4f022074c3ab719c99dc

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\plugins\jpegfhm_shared.fhm

Filesize
479KB

MD5
62c313351dd3c189cfb78e8c3c6f059d

SHA1
ab542323bbde9bab29671716afd27b0408d0403f

SHA256
1566d5e0d9f46728b4fa832003b1819f65c4917ab0c855ee6b6b8002aa84d2d1

SHA512
d035190f7c8c62164ea1ab068666d94e99beb9f896d7280779205092ccb26c1abbbe59355a88c6a8c5f88de4944e28f250af5df18bbb4f022074c3ab719c99dc

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\plugins\libtiff.dll

Filesize
508KB

MD5
5973c2b00e318725bda68eb28815ce7c

SHA1
5bd4b1cfc63752de0f9dcbddb56ab65e33d541b0

SHA256
cc7a8214ea18d7ba39afdce1c7d85377c8fbfe56bdcd68da28dd37aa9873045d

SHA512
6aeadb6d02ccd318d3f31e570effcc8b069382f4177cabf98021420d8669869cda0168a42ef9861648ffa04f0e0e28e84423215036a2610bf0261ae8e6411d08

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\plugins\libtiff.dll

Filesize
508KB

MD5
5973c2b00e318725bda68eb28815ce7c

SHA1
5bd4b1cfc63752de0f9dcbddb56ab65e33d541b0

SHA256
cc7a8214ea18d7ba39afdce1c7d85377c8fbfe56bdcd68da28dd37aa9873045d

SHA512
6aeadb6d02ccd318d3f31e570effcc8b069382f4177cabf98021420d8669869cda0168a42ef9861648ffa04f0e0e28e84423215036a2610bf0261ae8e6411d08

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\plugins\tifffhm_shared.fhm

Filesize
268KB

MD5
bec21a75f6efede7390bae1911cce46f

SHA1
147eac275924d57f55181d46475e4fe05a24569f

SHA256
d16ea3d7ed354c7a65f847b9f021dc0a3f4321b5e75b750ad1b8b726a89fc63f

SHA512
d14dfaf13cd2c28f27c100eb6b3c383bb3d37c95602e1ba39b2564d49d1a26bd858a8b953edf3e97e4ccefe9e0dcda9a0023d2e3d9db46e71a9d355f4f25e58c

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\plugins\tifffhm_shared.fhm

Filesize
268KB

MD5
bec21a75f6efede7390bae1911cce46f

SHA1
147eac275924d57f55181d46475e4fe05a24569f

SHA256
d16ea3d7ed354c7a65f847b9f021dc0a3f4321b5e75b750ad1b8b726a89fc63f

SHA512
d14dfaf13cd2c28f27c100eb6b3c383bb3d37c95602e1ba39b2564d49d1a26bd858a8b953edf3e97e4ccefe9e0dcda9a0023d2e3d9db46e71a9d355f4f25e58c

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\resource\Snapseed.ico

Filesize
347KB

MD5
ed017b5a8e00048a83526453425ad375

SHA1
33ba626056f6c4630778ad384c4428df414026ff

SHA256
b3e672d421d940827b9f956e57304140c450140908bd715f8a1a2e8d0e6a5f26

SHA512
7e273850663b4bd27a0f48fab158e2fb563ea704a2b34666041aee75821baf50bab8c1951c053f5f9ba93c31562355d21108191769e7ee9dd10d54d60ed32647

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\resource\common\RegisterLogo.png

Filesize
11KB

MD5
2b6a7aa163eac10a70eaa254d95b193b

SHA1
f1f05d6fab4a1bca307fd64f9fea3589954b785a

SHA256
cb40c276d462b3026dae86be19058be4971152661df7b5461874df38b3358dbe

SHA512
efeddbef7b702b90bda0150fa4511b99cc3de21ceb13914fe7b3c79d642028f2f6cd7d45cefce10ca67cc0d9defd68c967f94dee12d88daf282f4b4fd9c8f3f5

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\resource\core\filters\vertex.glsl

Filesize
105B

MD5
af663acdbf4901e162ccda1d3ccb85fa

SHA1
ed0fada56af627afbd4b905050546eb53d5ede55

SHA256
a20b741faa035b545cca3dfbcd4c8df08188862af033dcb2a431ac8c70d4273e

SHA512
bd199e8a503db12e4cf490ff36ba7b6a8208dbbb16351d4953bce58b8212110cf6bdbba6ab1c8f7042208178c1cdc01a617232b235efd9cd1b4e7c644107e659

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\updater.dll

Filesize
135KB

MD5
12ff21a9ffce87b63508550d103a0d7b

SHA1
e750ae4a4521deea17ae2462ab2ec2436a678a1a

SHA256
888a48f9119345e78d5e9fb6c9d0049cd83c19482b01fcf010a8a5be2fa90724

SHA512
09e4a9068ec40f3df4fc30df2aebd3f4db8da873828fc5d90e2862f470fdeaba12565d0b04f8c7df2f555d439144c3f412437bc8153a94b85036ae8b0efc077c

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\updater.dll

Filesize
135KB

MD5
12ff21a9ffce87b63508550d103a0d7b

SHA1
e750ae4a4521deea17ae2462ab2ec2436a678a1a

SHA256
888a48f9119345e78d5e9fb6c9d0049cd83c19482b01fcf010a8a5be2fa90724

SHA512
09e4a9068ec40f3df4fc30df2aebd3f4db8da873828fc5d90e2862f470fdeaba12565d0b04f8c7df2f555d439144c3f412437bc8153a94b85036ae8b0efc077c

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\zlib1.dll

Filesize
76KB

MD5
0ac2236d42d8ced5dbd181bf19637783

SHA1
59e317e893831615b7d338f3c328de42c3a04f2d

SHA256
59281018c70bfec371d593d4bd005f8c52c8a3440d96fdf28ad4881bf3c4d78f

SHA512
3c71c2f83110e51c44a6c79efd83490bbc93f022a937d6759cfed103fc250b46a7d895df5d880247381a74642ab8eb6497463202b455f1935d28b24ae0389183

Download Submit
C:\Users\Admin\AppData\Local\Visual GDB Studio\Visual GDB Studio\zlib1.dll

Filesize
76KB

MD5
0ac2236d42d8ced5dbd181bf19637783

SHA1
59e317e893831615b7d338f3c328de42c3a04f2d

SHA256
59281018c70bfec371d593d4bd005f8c52c8a3440d96fdf28ad4881bf3c4d78f

SHA512
3c71c2f83110e51c44a6c79efd83490bbc93f022a937d6759cfed103fc250b46a7d895df5d880247381a74642ab8eb6497463202b455f1935d28b24ae0389183

Download Submit
C:\Users\Admin\Downloads\Cloud_Stx2.msi.t2jcyt5.partial

Filesize
27.0MB

MD5
f206c3b7697a84a76b75d77e3dfc2ab6

SHA1
020f216318a60a22c728b9c854701a79cb1c30bf

SHA256
3371d3687e9063f0adfd736bb836da6f07883b504c56c8a620cf9212dc72ba24

SHA512
668b4974ac935e14d0bf2fb97504e40118e989c0c1dbe1b1861c3551bafac3faaf9953c51d575cc7f8e511096330636e8c5d5187d503e9d1899e785ddbd2a90f

Download Submit
C:\Windows\Installer\MSI28C5.tmp

Filesize
550KB

MD5
0dd1f1ff906c4d1fc7ad962e994cad7f

SHA1
4d1549cf7ef6a63baf83280143d7797d4df4fa2d

SHA256
140f578569adbf831f87275091af9ca200ed8b2453cbe729a0249b9b6f6b4588

SHA512
8d5622bb299bf6bebf3eaa266a9fcbbc953a729e9d9ca20f8f358d7a14599d0a017feef58aa8d3aadc075c6211478bbac2d38e38e36e34096d4dceb51ffd00cb

Download Submit
C:\Windows\Installer\MSI28C5.tmp

Filesize
550KB

MD5
0dd1f1ff906c4d1fc7ad962e994cad7f

SHA1
4d1549cf7ef6a63baf83280143d7797d4df4fa2d

SHA256
140f578569adbf831f87275091af9ca200ed8b2453cbe729a0249b9b6f6b4588

SHA512
8d5622bb299bf6bebf3eaa266a9fcbbc953a729e9d9ca20f8f358d7a14599d0a017feef58aa8d3aadc075c6211478bbac2d38e38e36e34096d4dceb51ffd00cb

Download Submit
C:\Windows\Installer\MSI2A0E.tmp

Filesize
550KB

MD5
0dd1f1ff906c4d1fc7ad962e994cad7f

SHA1
4d1549cf7ef6a63baf83280143d7797d4df4fa2d

SHA256
140f578569adbf831f87275091af9ca200ed8b2453cbe729a0249b9b6f6b4588

SHA512
8d5622bb299bf6bebf3eaa266a9fcbbc953a729e9d9ca20f8f358d7a14599d0a017feef58aa8d3aadc075c6211478bbac2d38e38e36e34096d4dceb51ffd00cb

Download Submit
C:\Windows\Installer\MSI2A0E.tmp

Filesize
550KB

MD5
0dd1f1ff906c4d1fc7ad962e994cad7f

SHA1
4d1549cf7ef6a63baf83280143d7797d4df4fa2d

SHA256
140f578569adbf831f87275091af9ca200ed8b2453cbe729a0249b9b6f6b4588

SHA512
8d5622bb299bf6bebf3eaa266a9fcbbc953a729e9d9ca20f8f358d7a14599d0a017feef58aa8d3aadc075c6211478bbac2d38e38e36e34096d4dceb51ffd00cb

Download Submit
C:\Windows\Installer\MSI2ADB.tmp

Filesize
550KB

MD5
0dd1f1ff906c4d1fc7ad962e994cad7f

SHA1
4d1549cf7ef6a63baf83280143d7797d4df4fa2d

SHA256
140f578569adbf831f87275091af9ca200ed8b2453cbe729a0249b9b6f6b4588

SHA512
8d5622bb299bf6bebf3eaa266a9fcbbc953a729e9d9ca20f8f358d7a14599d0a017feef58aa8d3aadc075c6211478bbac2d38e38e36e34096d4dceb51ffd00cb

Download Submit
C:\Windows\Installer\MSI2ADB.tmp

Filesize
550KB

MD5
0dd1f1ff906c4d1fc7ad962e994cad7f

SHA1
4d1549cf7ef6a63baf83280143d7797d4df4fa2d

SHA256
140f578569adbf831f87275091af9ca200ed8b2453cbe729a0249b9b6f6b4588

SHA512
8d5622bb299bf6bebf3eaa266a9fcbbc953a729e9d9ca20f8f358d7a14599d0a017feef58aa8d3aadc075c6211478bbac2d38e38e36e34096d4dceb51ffd00cb

Download Submit
C:\Windows\Installer\MSI2B78.tmp

Filesize
550KB

MD5
0dd1f1ff906c4d1fc7ad962e994cad7f

SHA1
4d1549cf7ef6a63baf83280143d7797d4df4fa2d

SHA256
140f578569adbf831f87275091af9ca200ed8b2453cbe729a0249b9b6f6b4588

SHA512
8d5622bb299bf6bebf3eaa266a9fcbbc953a729e9d9ca20f8f358d7a14599d0a017feef58aa8d3aadc075c6211478bbac2d38e38e36e34096d4dceb51ffd00cb

Download Submit
C:\Windows\Installer\MSI2B78.tmp

Filesize
550KB

MD5
0dd1f1ff906c4d1fc7ad962e994cad7f

SHA1
4d1549cf7ef6a63baf83280143d7797d4df4fa2d

SHA256
140f578569adbf831f87275091af9ca200ed8b2453cbe729a0249b9b6f6b4588

SHA512
8d5622bb299bf6bebf3eaa266a9fcbbc953a729e9d9ca20f8f358d7a14599d0a017feef58aa8d3aadc075c6211478bbac2d38e38e36e34096d4dceb51ffd00cb

Download Submit
memory/3536-200-0x000000000C860000-0x000000000FD60000-memory.dmp

Filesize
53.0MB

Download
memory/3536-201-0x000000000AA00000-0x000000000AABC000-memory.dmp

Filesize
752KB

Download
memory/3536-208-0x000000000FF60000-0x000000000FFA1000-memory.dmp

Filesize
260KB

Download
memory/3536-209-0x000000000C860000-0x000000000FD60000-memory.dmp

Filesize
53.0MB

Download